Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e4fb415

Browse files
aschackmullaschackmull
committed
Dataflow: Reshuffle some predicates.
1 parent 5a1c0e9 commit e4fb415

1 file changed

Lines changed: 64 additions & 44 deletions

File tree

java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll

Lines changed: 64 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -502,7 +502,7 @@ private module Stage1 {
502502
* Holds if `c` is the target of both a read and a store in the flow covered
503503
* by `revFlow`.
504504
*/
505-
predicate revFlowIsReadAndStored(Content c, Configuration conf) {
505+
private predicate revFlowIsReadAndStored(Content c, Configuration conf) {
506506
revFlowIsRead(c, conf) and
507507
revFlowStore(c, _, _, conf)
508508
}
@@ -557,8 +557,32 @@ private module Stage1 {
557557
)
558558
}
559559

560+
pragma[nomagic]
561+
predicate storeStepCand(
562+
Node node1, Ap ap1, TypedContent tc, Node node2, DataFlowType contentType, Configuration config
563+
) {
564+
exists(Content c |
565+
revFlowIsReadAndStored(c, config) and
566+
revFlow(node2, unbind(config)) and
567+
store(node1, tc, node2, contentType) and
568+
c = tc.getContent() and
569+
exists(ap1)
570+
)
571+
}
572+
573+
pragma[nomagic]
574+
predicate readStepCand(Node n1, Content c, Node n2, Configuration config) {
575+
revFlowIsReadAndStored(c, config) and
576+
revFlow(n2, unbind(config)) and
577+
read(n1, c, n2)
578+
}
579+
560580
pragma[nomagic]
561581
predicate revFlow(Node node, Configuration config) { revFlow(node, _, config) }
582+
583+
predicate revFlow(Node node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
584+
revFlow(node, toReturn, config) and exists(returnAp) and exists(ap)
585+
}
562586
/* End: Stage 1 logic. */
563587
}
564588

@@ -600,23 +624,6 @@ private predicate parameterThroughFlowNodeCand1(ParameterNode p, Configuration c
600624
)
601625
}
602626

603-
pragma[nomagic]
604-
private predicate storeCand1(Node n1, TypedContent tc, Node n2, Configuration config) {
605-
exists(Content c |
606-
Stage1::revFlowIsReadAndStored(c, config) and
607-
Stage1::revFlow(n2, unbind(config)) and
608-
store(n1, tc, n2, _) and
609-
c = tc.getContent()
610-
)
611-
}
612-
613-
pragma[nomagic]
614-
private predicate read(Node n1, Content c, Node n2, Configuration config) {
615-
Stage1::revFlowIsReadAndStored(c, config) and
616-
Stage1::revFlow(n2, unbind(config)) and
617-
read(n1, c, n2)
618-
}
619-
620627
pragma[noinline]
621628
private predicate localFlowStepNodeCand1(Node node1, Node node2, Configuration config) {
622629
Stage1::revFlow(node2, config) and
@@ -740,14 +747,19 @@ private predicate flowIntoCallNodeCand1(
740747
}
741748

742749
private module Stage2 {
743-
class ApApprox = Stage1::Ap;
750+
module PrevStage = Stage1;
751+
752+
class ApApprox = PrevStage::Ap;
744753

745754
class Ap = boolean;
746755

747756
class ApNil extends Ap {
748757
ApNil() { this = false }
749758
}
750759

760+
bindingset[result, ap]
761+
ApApprox getApprox(Ap ap) { any() }
762+
751763
ApNil getApNil(Node node) { any() }
752764

753765
bindingset[tc, tail]
@@ -785,10 +797,6 @@ private module Stage2 {
785797
bindingset[innercc, inner, call]
786798
predicate checkCallContextReturn(Cc innercc, DataFlowCallable inner, DataFlowCall call) { any() }
787799

788-
predicate flowCand(Node node, ApApprox apa, Configuration config) {
789-
Stage1::revFlow(node, config) and exists(apa)
790-
}
791-
792800
bindingset[node, cc, config]
793801
LocalCc getLocalCc(Node node, Cc cc, Configuration config) { any() }
794802

@@ -807,6 +815,10 @@ private module Stage2 {
807815
}
808816

809817
/* Begin: Stage 2 logic. */
818+
private predicate flowCand(Node node, ApApprox apa, Configuration config) {
819+
PrevStage::revFlow(node, _, _, apa, config)
820+
}
821+
810822
/**
811823
* Holds if `node` is reachable with access path `ap` from a source in the
812824
* configuration `config`.
@@ -881,8 +893,10 @@ private module Stage2 {
881893
private predicate fwdFlowStore(
882894
Node node1, Ap ap1, TypedContent tc, Node node2, Cc cc, ApOption argAp, Configuration config
883895
) {
884-
fwdFlow(node1, cc, argAp, ap1, config) and
885-
storeCand1(node1, tc, node2, config)
896+
exists(DataFlowType contentType |
897+
fwdFlow(node1, cc, argAp, ap1, config) and
898+
PrevStage::storeStepCand(node1, getApprox(ap1), tc, node2, contentType, config)
899+
)
886900
}
887901

888902
/**
@@ -902,7 +916,7 @@ private module Stage2 {
902916
Ap ap, Content c, Node node1, Node node2, Cc cc, ApOption argAp, Configuration config
903917
) {
904918
fwdFlow(node1, cc, argAp, ap, config) and
905-
read(node1, c, node2, config) and
919+
PrevStage::readStepCand(node1, c, node2, config) and
906920
getHeadContent(ap) = c
907921
}
908922

@@ -1281,7 +1295,9 @@ private module LocalFlowBigStep {
12811295
private import LocalFlowBigStep
12821296

12831297
private module Stage3 {
1284-
class ApApprox = Stage2::Ap;
1298+
module PrevStage = Stage2;
1299+
1300+
class ApApprox = PrevStage::Ap;
12851301

12861302
class Ap = AccessPathFront;
12871303

@@ -1327,10 +1343,6 @@ private module Stage3 {
13271343
bindingset[innercc, inner, call]
13281344
predicate checkCallContextReturn(Cc innercc, DataFlowCallable inner, DataFlowCall call) { any() }
13291345

1330-
predicate flowCand(Node node, ApApprox apa, Configuration config) {
1331-
Stage2::revFlow(node, _, _, apa, config)
1332-
}
1333-
13341346
bindingset[node, cc, config]
13351347
LocalCc getLocalCc(Node node, Cc cc, Configuration config) { any() }
13361348

@@ -1341,6 +1353,10 @@ private module Stage3 {
13411353
}
13421354

13431355
/* Begin: Stage 3 logic. */
1356+
private predicate flowCand(Node node, ApApprox apa, Configuration config) {
1357+
PrevStage::revFlow(node, _, _, apa, config)
1358+
}
1359+
13441360
/**
13451361
* Holds if `node` is reachable with access path `ap` from a source in the
13461362
* configuration `config`.
@@ -1407,7 +1423,7 @@ private module Stage3 {
14071423
or
14081424
// flow into a callable
14091425
fwdFlowIn(_, node, _, cc, _, ap, config) and
1410-
if Stage2::revFlow(node, true, _, unbindBool(ap.toBoolNonEmpty()), config)
1426+
if PrevStage::revFlow(node, true, _, unbindBool(ap.toBoolNonEmpty()), config)
14111427
then argAp = apSome(ap)
14121428
else argAp = apNone()
14131429
or
@@ -1428,7 +1444,7 @@ private module Stage3 {
14281444
) {
14291445
exists(DataFlowType contentType |
14301446
fwdFlow(node1, cc, argAp, ap1, config) and
1431-
Stage2::storeStepCand(node1, getApprox(ap1), tc, node2, contentType, config) and
1447+
PrevStage::storeStepCand(node1, getApprox(ap1), tc, node2, contentType, config) and
14321448
// We need to typecheck stores here, since reverse flow through a getter
14331449
// might have a different type here compared to inside the getter.
14341450
compatibleTypes(ap1.getType(), contentType)
@@ -1449,7 +1465,7 @@ private module Stage3 {
14491465
Ap ap, Content c, Node node1, Node node2, Cc cc, ApOption argAp, Configuration config
14501466
) {
14511467
fwdFlow(node1, cc, argAp, ap, config) and
1452-
Stage2::readStepCand(node1, c, node2, config) and
1468+
PrevStage::readStepCand(node1, c, node2, config) and
14531469
getHeadContent(ap) = c
14541470
}
14551471

@@ -1498,7 +1514,7 @@ private module Stage3 {
14981514
) {
14991515
exists(ParameterNode p |
15001516
fwdFlowIn(call, p, cc, _, argAp, ap, config) and
1501-
Stage2::revFlow(p, true, TBooleanSome(_), unbindBool(ap.toBoolNonEmpty()), config)
1517+
PrevStage::revFlow(p, true, TBooleanSome(_), unbindBool(ap.toBoolNonEmpty()), config)
15021518
)
15031519
}
15041520

@@ -1893,7 +1909,9 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
18931909
}
18941910

18951911
private module Stage4 {
1896-
class ApApprox = Stage3::Ap;
1912+
module PrevStage = Stage3;
1913+
1914+
class ApApprox = PrevStage::Ap;
18971915

18981916
class Ap = AccessPathApprox;
18991917

@@ -1943,10 +1961,6 @@ private module Stage4 {
19431961
innercc.(CallContextCall).matchesCall(call)
19441962
}
19451963

1946-
predicate flowCand(Node node, ApApprox apa, Configuration config) {
1947-
Stage3::revFlow(node, _, _, apa, config)
1948-
}
1949-
19501964
bindingset[node, cc, config]
19511965
LocalCc getLocalCc(Node node, Cc cc, Configuration config) {
19521966
localFlowEntry(node, config) and
@@ -1960,6 +1974,10 @@ private module Stage4 {
19601974
}
19611975

19621976
/* Begin: Stage 4 logic. */
1977+
private predicate flowCand(Node node, ApApprox apa, Configuration config) {
1978+
PrevStage::revFlow(node, _, _, apa, config)
1979+
}
1980+
19631981
/**
19641982
* Holds if `node` is reachable with access path `ap` from a source in the
19651983
* configuration `config`.
@@ -2024,7 +2042,9 @@ private module Stage4 {
20242042
exists(ApApprox apa |
20252043
fwdFlowIn(_, node, _, cc, _, ap, config) and
20262044
apa = ap.getFront() and
2027-
if Stage3::revFlow(node, true, _, apa, config) then argAp = apSome(ap) else argAp = apNone()
2045+
if PrevStage::revFlow(node, true, _, apa, config)
2046+
then argAp = apSome(ap)
2047+
else argAp = apNone()
20282048
)
20292049
or
20302050
// flow out of a callable
@@ -2044,7 +2064,7 @@ private module Stage4 {
20442064
) {
20452065
exists(DataFlowType contentType |
20462066
fwdFlow(node1, cc, argAp, ap1, config) and
2047-
Stage3::storeStepCand(node1, getApprox(ap1), tc, node2, contentType, config)
2067+
PrevStage::storeStepCand(node1, getApprox(ap1), tc, node2, contentType, config)
20482068
)
20492069
}
20502070

@@ -2062,7 +2082,7 @@ private module Stage4 {
20622082
Ap ap, Content c, Node node1, Node node2, Cc cc, ApOption argAp, Configuration config
20632083
) {
20642084
fwdFlow(node1, cc, argAp, ap, config) and
2065-
Stage3::readStepCand(node1, c, node2, config) and
2085+
PrevStage::readStepCand(node1, c, node2, config) and
20662086
getHeadContent(ap) = c
20672087
}
20682088

@@ -2113,7 +2133,7 @@ private module Stage4 {
21132133
) {
21142134
exists(ParameterNode p |
21152135
fwdFlowIn(call, p, cc, _, argAp, ap, config) and
2116-
Stage3::revFlow(p, true, TAccessPathFrontSome(_), ap.getFront(), config)
2136+
PrevStage::revFlow(p, true, TAccessPathFrontSome(_), ap.getFront(), config)
21172137
)
21182138
}
21192139

0 commit comments

Comments
 (0)